regarding "Fort N.O.C.'s" in your January 20 edition

[Dave Farber <dave () farber net>]

Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Wed, 28 Jan 2004 07:42:56 +0000
From: Paul Vixie <paul () vix com>
Subject: this is for interesting-people
Sender: vixie () vix com
To: Dave Farber <dave () farber net>


this just went out.  seems like good fodder for [IP].

---

To: letters () MSNBC com
Subject: C

re: http://www.msnbc.msn.com/id/4009568/

I wish to correct several misstatements made by Brock Meeks in his
article, "Fort N.O.C.'s", published January 20.  I am speaking as an
operator of the "F" root name server which was mentioned several times
in this story.

1. "A" root is not special in any way.  Our "F" root server receives
updates from an unrelated server called SRS which is operated under
contract from the US Department of Commerce and the Internet Corporation
for Assigned Names and Numbers (ICANN).  These updates are received by
all 13 root name servers, with "A" root a peer of the other 12, having no
special capability or importance.  If any one of these 13 servers
(including "A" root) were temporarily unavailable due to a failure or
disaster, there would be no noticeable impact on the Internet as a whole.

2. The root name servers are not "operated on a volunteer basis" as
stated in the article.  Each of the twelve organizations named on
<http://www.root-servers.org/> has funding and oversight from a local
constituency.  Operators include ISC (a US-based public benefit
corporation) RIPE NCC (who serves the European internet community) the U S
Department of Defense and NASA, the WIDE consortium in Japan, and others.
For all twelve of us, operating a root name server is a concrete
obligation, and not merely a "sense of duty".

3. VeriSign's spending toward "A" root is irrelevant, as is the number
of "backups" they might have.  Even if the portion of VeriSign's
spending which is directly attributable to "A" root exceeded the
aggregate spending by ISC's sponsors for the distributed footprint of
"F" root -- which is unlikely -- the fact remains that a global attack
affecting (9) of the 13 root name servers had no measureable affect on
overall Internet performance or availability.  For details, see
<http://f.root-servers.org/october21.txt>.  Diversity is very powerful!

4. Actually, there ARE requirements placed on the security and operations
of root name servers.  The Internet Engineering Task Force (IETF) has
published two documents on this topic, RFC 2010 and RFC 2870, and any
root server operator who fell out of compliance with these standards
would be shamed and otherwise pressured into "shaping up or shipping
out."  Paradoxically, the only root server operator who could probably
ignore IETF's standards without also worrying about losing their position
is VeriSign.

In closing, I'd like to point out that there is considerable divergence
of viewpoint among the many people who are interested in root name service.
Yet, one fact is never subject to debate: the DNS root server system is
one of the most robust and reliable services in the history of data
communications.

See also: <http://www.ripe.net/ripencc/kroot-history-20040127.html>.

Thank you for your time,

Paul Vixie, "F" root

--- 

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/